Minecraft: Dark Tale of Scams, Malware & Extortion

The article exposes a sophisticated scam targeting Minecraft players through fake 'grief-free' server communities. The SugarSMP website, promising a safe gaming experience, was found to distribute malware-infected mod packs. The malware, named Spark stealer, steals sensitive data including Discord tokens, browser credentials, and crypto wallet information. The threat actors employ social engineering tactics to maintain their fake community's reputation and remove warnings about their activities. Multiple similar websites were discovered, all hosting various types of malware. The scam's persistence mechanisms and social engineering techniques are detailed, along with remediation steps for affected users.

Pulse ID: 69ba817a667265c550e1ce4a
Pulse Link: https://otx.alienvault.com/pulse/69ba817a667265c550e1ce4a
Pulse Author: AlienVault
Created: 2026-03-18 10:42:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CyberSecurity #Discord #Extortion #ICS #InfoSec #Malware #Minecraft #OTX #OpenThreatExchange #SMS #SocialEngineering #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Wide-scale, opportunistic SMS pumping attacks target customer sign-up pages

Pulse ID: 69b9c7efcaec1ff483f80f0b
Pulse Link: https://otx.alienvault.com/pulse/69b9c7efcaec1ff483f80f0b
Pulse Author: Tr1sa111
Created: 2026-03-17 21:30:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #SMS #bot #Tr1sa111

Porto Alegre, 10/05/2024. Teams of health professionals from SMS and/or volunteers attend to the population staying in the various shelters spread across the city. Photo: Cristine Rochol/PMPA (In the photo: Care at the Ginásio de Esportes Aliança in the Restinga neighbourhood.) Published on 10 May 2024 #Sms #Enchente #Abrigos #Atendimento #Profissionais de Saúde #Voluntariado #Atenção Primária à Saúde (APS)

🛠️ Title: Gearsystem
🦊️ What's: A libre & accurate Sega Master System / Game Gear / SG-1000 emulator
🏡️ -
🐣️ https://github.com/drhelius/Gearsystem
🔖 #LinuxEmulation #Sega #sms #GameGear #SG1000
📦️ #Libre #Bin #Arch #Snap
📕️ https://lebottinlinux.vps.a-lec.org/LO.html

🥁️ Update: 3.9.1
⚗️ Signific. vers. 🦍️
📌️ Changes: https://github.com/drhelius/Gearsystem/releases
🦣️ From: https://www.youtube.com/embed/LKjmnK05-MQ?start=87

🎮️ https://www.youtube.com/embed/donJGpnMFFQ
🎮️ https://www.youtube.com/embed/5AuKvjH4Uqs
🎮️ https://www.youtube.com/embed/iKehYUp45e0

GoPix banking Trojan targeting Brazilian financial institutions

GoPix is an advanced persistent threat targeting Brazilian financial institutions and cryptocurrency users. It uses memory-only implants and obfuscated PowerShell scripts, evolving from previous RAT and ATS threats. The malware employs sophisticated techniques, including malvertising via Google Ads, man-in-the-middle attacks, and monitoring of Pix transactions and Boleto slips. GoPix bypasses security measures, maintains persistence, and uses robust cleanup mechanisms. It leverages multiple obfuscation layers and a stolen code signing certificate to evade detection. The threat actors carefully select victims, including financial bodies of state governments and large corporations, using legitimate anti-fraud services for targeted delivery.

Pulse ID: 69b81e54cf83df8f4401d65d
Pulse Link: https://otx.alienvault.com/pulse/69b81e54cf83df8f4401d65d
Pulse Author: AlienVault
Created: 2026-03-16 15:14:28

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #CyberSecurity #GoPIX #Google #GoogleAds #Government #InfoSec #Malvertising #Malware #OTX #OpenThreatExchange #PowerShell #RAT #SMS #Trojan #bot #cryptocurrency #AlienVault


By the end of summer 2026, I hope I'll get to delete my #facebook (#meta) account

1. Instead of using #messenger, I'll tell my friends to text me via phone #sms

2. Sell the remaining items that I'm currently selling on #marketplace

Eventually, in the long term, I'd like to:

1. Set up a #matrix server for everybody to join and replace #discord as well.

2. Find a good replacement for Facebook Marketplace.

Wide-scale, opportunistic SMS pumping attacks target customer sign-up pages

A widespread SMS pumping campaign has been identified, targeting customer sign-up pages. The attackers, designated as O-UNC-036, use disposable email infrastructure and proxy services to launch high-volume, automated attacks against public API endpoints. Their objective is to create numerous accounts and trigger SMS messages to actor-controlled phone numbers, generating significant financial costs for target organizations. The attack pattern involves reconnaissance, infrastructure setup, and high-volume requests using known high-cost phone country codes. The campaign has been active since at least March 2024, affecting multiple tenants and organizations. Recommended protective measures include implementing FIDO Authentication, blocking suspicious domains and ASNs, and enhancing monitoring and response capabilities.

Pulse ID: 69b4567b03ea40d6ffd8a0f7
Pulse Link: https://otx.alienvault.com/pulse/69b4567b03ea40d6ffd8a0f7
Pulse Author: AlienVault
Created: 2026-03-13 18:24:59

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #Endpoint #InfoSec #OTX #OpenThreatExchange #Proxy #RAT #SMS #Troll #bot #AlienVault

Still find myself trying to use every character in an #SMS, even though they are free to send.

High level architecture of the SMS bridge:

#DMR #SMS

I'm realizing that I have trouble waking up early when I know I won't get another lie-in in the days that follow, but oh well, no big deal. Got up at 9 and that's OK 😜.
This morning, I tried to make my own the route that some people from Marseille call S.M.S. (for the names of the calanques crossed, in order, that is Sormiou, Morgiou and Sugiton).
Nearly 13 km with 712 m of elevation gain 😁.
I don't move very fast in this kind of scenery, but I'm making the most of it because it's pretty 😁.

#trail #mangeurdecailloux #calanques #sms #garmin #altra